Information Security Engineer II

How will this role impact First Command?

As an Information Security Engineer, you will help protect the organization’s data, networks, and systems from cyber threats. You will support the design, implementation, and continuous improvement of security controls, and monitor for suspicious activity to help detect, investigate, and respond to security events. You will partner with IT and business stakeholders to strengthen security practices, reduce risk, and support security initiatives.

What will the employee do in this role?

• Monitor areas of responsibility to prevent, detect, and investigate security alerts
• Assist in reviewing and improving annual security initiatives and areas of focus
• Coordinate, facilitate, and maintain the schedule for access reviews
• Provide security guidance and troubleshoot security issues as required
• Manage and improve information security documentation as required
• Deliver appropriate and accurate metrics to management
• Participate as a key member of the Information Security team by supporting operational security initiatives and cross-functional risk reduction efforts
• Stay up to date on new information technologies and apply innovations to the company’s security standards and best practices
• Collaborate with team members and other business functions, business partners, management, vendors, and external parties for information gathering and best practice recommendations
• Conduct security reviews, evaluations, and risk assessments, and develop recommendations for improvements as appropriate

What skills & qualifications do you need?

Education

• Hold a bachelor’s degree in computer science, Information Technology, or an engineering-related field, or possess equivalent experience
• Minimum of 3 years’ background working in an IT Security capacity
• Knowledge of information security policy design
• Proficiency in data loss prevention tools and techniques
• Ability to conduct, interpret, and report on data loss prevention configuration alerts
• Familiarity with vulnerability and penetration testing tools and techniques
• Proficiency in conducting, interpreting, and reporting on vulnerability and penetration tests
• Experience participating in security audits
• Skill in monitoring for security events, evaluating, and responding where appropriate

Certifications

• Minimum Required: CompTIA Security+
• Additionally Preferred: CISSP, Microsoft Security Certifications (SC‑200 – Security Operations Analyst Associate), CCSP, CCNA, and CCNP: Security

Required Knowledge, Skills and Abilities

• Produce and maintain documentation and evidence with diligence
• Working knowledge of ISO, NIST, and other information security standards, laws, and regulations
• Strong analytical skills
• Take initiative and demonstrate comfort with self-directed learning on industry risks and changes
• Perform risk analysis and provide recommendations to mitigate risk
• Communicate effectively in writing and verbally
• Speak confidently when dealing with internal constituents
• Identify problems, review related information, develop and evaluate options, and implement solutions
• Build domain knowledge of our environment to understand long-term risk areas that may develop as systems evolve
• Incorporate industry security standards into practical security operations, network operations, and application development practices
• Familiarity with Privileged Access Management (PAM) tools and concepts
• Knowledge of computer networking concepts and protocols, and network security
• Working knowledge of the Agile Framework

#LI-NC1 #LI-HYBRID